 From:  "D. Ryan Spott" <rspott at cspott dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSec and NAT tunneling
 Date:  Tue, 21 Nov 2006 14:33:43 -0800
Hello,

I have the following setup for my little network.

<internet>
        |
<monowall 1 (WAN:1.2.3.4, LAN:192.168.1.1/24)>
       |
<IPSEC tunnel (between the monowalls via the internet)>
       |
<monowall 2 (WAN:5.6.7.8, LAN:192.168.2.1/24)>

Monowall 1 and 2 are both connected to the Internet via their WAN ports 
and each other via the IPsec tunnel. Clients on the 192.168.1.0/24 
network can ping, etc., the clients on the 192.168.2.0/24 network.

I am attempting to do a 1:1 NAT tunnel from 1.2.3.5 (proxy-arp-ed on the 
WAN side of monowall 1) to 192.168.2.3, through the IPsec tunnel.

If I set up the 1:1 NAT tunnel from 1.2.3.5 (proxy-arp-ed on the WAN side 
of monowall 1) to 192.168.1.3, it works.

If I set up the 1:1 NAT tunnel from 1.2.3.5 (proxy-arp-ed on the WAN side 
of monowall 1) to 192.168.2.3, it does not work.

I have looked through the last 6 months or so of logs and I am unable to 
find any sort of how-to or "I have done this."

Is this config possible? Anyone care to walk me through it?

thanks!

ryan